gdax-java icon indicating copy to clipboard operation
gdax-java copied to clipboard

Published 20 hours ago verified publisher icon irufus

Websocket: cannot subscribe with authentication

Open petnnw opened this issue 7 years ago • 7 comments

Hi!

Without authentication, I can subscribe to GDAX Websocket feed (any channel combination).

Instead, if I set my key, passphrase and secret code, then I get the answer: {"type":"error","message":"Sorry, you could not be authenticated: Bad Request","reason":"invalid signature"}

According to the GDAX api, when specifying channels you must authenticate using the path: "/users/self/verify" (just "/users/self" if you don't specify channels).

However in signObject() on WebsocketFeed.java, the path is "" as you might find on line 198:

jsonObj.setSignature(signature.generate("", "GET", jsonString, timestamp));

I tried to correct the issue (i.e. setting the correct path), with no success.

petnnw avatar Dec 08 '17 08:12 petnnw

This is a user error. For a live version that works you can checkout what I've been implementing over here (which works daily for me) with the current code base. https://github.com/robevansuk/gdax-java/blob/master/src/main/java/com/coinbase/exchange/api/gui/orderbook/OrderBookView.java#L140

robevansuk avatar Jan 22 '18 22:01 robevansuk

Also I have a bunch of commits on my machine that I intend to push in the not too distant future (weeks/month (or two)) which will provide an implementation of the orderbook. It's not quite ready yet as I need to build more tests and more logic around handling the live orders from the websocketfeed, but its coming along nicely now.

robevansuk avatar Jan 22 '18 22:01 robevansuk

@robevansuk I've had the same issue as @petnnw. Any guidance on what the user error is, or how to fix it?

patrickjm avatar Jan 12 '19 22:01 patrickjm

Hi, have you checked responses on StackOverflow? Some are from me as I try to follow along. Saying that I haven't looked too much at this in the last 6 months since the rebranding effort from GDAX -> Coinbase Pro

robevansuk avatar Jan 14 '19 11:01 robevansuk

Turns out the problem for me was that I was including my subscription body in my signature. For whatever reason, coinbase does not expect a body in the signature for the websocket feed.

Was there something about the rebranding that caused you to lose interest? It's been about a year since I've been in the loop on this.

patrickjm avatar Jan 14 '19 11:01 patrickjm

I managed to solve this issue with the following changes:

  • do NOT include request body in the signature, and the requestPath should be /users/self/verify here: https://github.com/irufus/gdax-java/blob/master/src/main/java/com/coinbase/exchange/api/websocketfeed/WebsocketFeed.java#L198
  • Subscribe.apiKey field should be just key https://github.com/irufus/gdax-java/blob/eca981b0728673ffe033c22d1e21d72c77c56c55/src/main/java/com/coinbase/exchange/api/websocketfeed/message/Subscribe.java#L15 @irufus something that can be easily fixed @patrickjm @petnnw might be interested in this as well.

Make these changes, then subscribe to user channel, and you are good to go.

zoltanmajzik avatar Sep 11 '19 21:09 zoltanmajzik

@robevansuk Your code works well for the market data, because it does not need authentication. If you would try to subscribe to the full channel with something like

{"type":"subscribe", "channels":[{"name":"user","product_ids":["ETH-DAI","ETH-USDC","BAT-ETH"]}], "signature":"", "passphrase":"", "timestamp":"", "key":"" }

you can quickly realize (even after inserting your valid credentials in the above JSON), that upon subscription you will receive:

{"type":"error","message":"Authentication Failed","reason":"{"message":"invalid signature"}"}

I also had the problems when I started to build an automated java trader, I have checked the code in node.js/javascript-api client to solve this issue and came to the same solution as @zoltanmajzik ... and I am running my code with real money since month now.

DBurghardt avatar Jul 30 '20 16:07 DBurghardt